
Just to add, Firefox announced two weeks ago that SSLv3 would be disabled by default in Firefox v34[1], around late November.

[1] https://blog.mozilla.org/security/2014/10/14/the-poodle-atta...



It's been turned off in Nightly for a while, and I've noticed several sites broken because of it - most notably, the T-Mobile payment website.


For interested T-Mobile users, here's the Mozilla tech evangelism bug trying to reach T-Mobile about their broken site:

https://bugzilla.mozilla.org/show_bug.cgi?id=1042380


this is good news--Firefox leaving users vulnerable to well-known attacks by default for just a few months is actually a major improvement (not being sarcastic).

mozilla security engineers have a history of making excuses of the "let's continue doing this incredibly unsafe thing in Firefox in the name of legacy compatibility" variety. i'm thinking of folks like julien vehent & brian smith here, but kudos to the rest of the mozilla security team for finally starting to move beyond the tortured logic of defaults that leave all ff users vulnerable.


You do realize Chrome 40 is also coming out in November, yes?

http://www.chromium.org/developers/calendar


i do - my comment was about security team attitudes



